AMENDMENTS TO THE CLAIMS 



This listing of claim will replace all prior versions and listings of claim in the application. 

1 . (currently amended) A method for providing a client with access to a primary system 
through an intermediate system, said method comprising the steps of: 

(a) creating a log-in record, wherein said log-in record includes an encrypted version 
of a primary system client identifier; 

(b) said intermediate system receiving log-in data for said client; 

(c) authenticating access of said client to said intermediate system, based on data from 
said log-in data and data from said log-in record;[[ and]] 

(d) sending authentication data to said primary system, wherein said authentication data 
includes data from said primary system client identifier[[.]] ; and 

(e) performing authentication on the primary system using the data from the said primary 
system client identifier. 

2. (original) The method of claim 1, wherein said step (a) includes the step of: 
(1) encrypting said primary system client identifier. 



3. (original) The method of claim 1, wherein said step (c) includes the steps of: 

(1) identifying said log-in record as corresponding to said log-in data; and 

(2) decrypting said encrypted version of said primary system client identifier in said log- 
in record to obtain data for said authentication data. 



4. (original) The method of claim 3, wherein said step (c) further includes the step of: 
(3) determining whether said decryption performed in said step (c)(2) is successful. 

5. (original) The method of claim 3, wherein said log-in data includes an intermediate 
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system client identifier and a primary system identifier, wherein said step (c)(1) includes the step of: 
(i) identifying said log-in record as containing a first value corresponding to said 
intermediate system client identifier and a second value corresponding to said primary system 
identifier. 

6. (original) The method of claim 3, wherein said step (c)(2) includes the steps of: 

(i) generating a key for decrypting said encrypted version of said primary system client 
identifier, wherein said step (c)(2)(i) employs an intermediate system client password from said log- 
in data; and 

(ii) employing said key to decrypt said encrypted version of said primary system client 
identifier. 

7. (original) The method of claim 6, wherein said step (c)(2)(i) includes the step of: 
hashing a combination of said intermediate system client password and at least one value 

stored in said intermediate system. 

8. (original) The method of claim 1, wherein said encrypted version of said primary 
system client identifier is expressed as E((tt|CID|CPW), H(IKEY|ICP)), wherein: 

E((tt|CID|CPW), H(KEY|ICP)) is an encrypted value with (tt|CID|CPW) being data 
encrypted using encryption function E and H(IKEY|ICP) being a key for encryption function E, 
(CID|CPW) is said primary system client identifier, 
tt is a redundant telltale character string, 

H(IKEY|ICP) is a hashed value resulting from hashing data value (KEY|ICP) with hash 
function H, 

DCEY is an encryption key component stored on said intermediate system, 
ICP is as an encryption key component in said log-in data, 
CED is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 
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9. (original) The method of claim 1, wherein said encrypted version of said primary 
system client identifier is expressed as E((tt|F((CID|CPW), K)), H(IKEY|ICP)), wherein: 

E((tt|F((CID|CPW), K)), H(DCEY|ICP)) is an encrypted value with (tt|F((CID|CPW), K)) 
being data encrypt using encryption function E and H(IKEY|ICP) being a key for encryption function 
E 5 

F((CID|CPW),K) is said primary system client identifier, with F((CED|CPW),K) being an 
encrypted value with (CH)|CPW) being data encrypt using encryption function F and K being a key 
for encryption function F, wherein encryption key K and a corresponding decryption key for 
encryption function F are known to said primary system and not known to said intermediate system, 

tt is a redundant telltale character string, 

H(1KEY|ICP) is a hashed value resulting from hashing data value (DCEY|ICP) with hash 
function H, 

KEY is an encryption key component stored on said intermediate system, 
ICP is as an encryption key component in said log-in data, 
CED is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

10. (original) The method of claim 1, wherein said encrypted version of said primary 
system client identifier is expressed as E(F((tt|CID|CPW), K), H(IKEY|ICP)), wherein: 

E(F((tt|CID|CPW), K), H(IKEY|ICP)) is an encrypted value with (F(tt|CID|CPW), K) being 
data encrypted using encryption function E and H(DCEY|ICP) being a key for encryption function E, 

F((tt|CID|CPW),K) is said primary system client identifier, with F((tt|CID|CPW),K) being an 
encrypted value with (tt|CID|CPW) being data encrypted using encryption function F and K being a 
key for encryption function F, wherein encryption key K and a corresponding decryption key for 
encryption function F are known to said primary system and not known to said intermediate system, 

tt is a redundant telltale character string known to said primary system and not known to said 
intermediate system, 
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H(IKEY|ICP) is a hashed value resulting from hashing data value (IKEY|ICP) with hash 
function H, 

IKEY is an encryption key component stored on said intermediate system, 
ICP is as an encryption key component in said log-in data, 
CDD is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

1 1 . (original) The method of claim 1 , further including the step of: 

(e) said primary system authenticating access of said client to said primary system, based 
on said authentication data sent to said primary system in said step (e). 

12. (original) The method of claim 11, wherein said step (e) includes the step of: 

( 1 ) said primary system determining whether at least one value from said authentication 
data corresponds to said client. 

1 3 . (original) The method of claim 1 2, wherein said authentication data includes a client 
identifier and a client password, wherein said step (c)(1) includes the step of: 

(i) verifying said client identifier and said client password correspond to said client. 

14. (original) The method of claim 11, wherein said step (e) includes the steps of: 

(1) decrypting said authentication data to obtain a set of data; and 

(2) determining whether at least one value from said set of data corresponds to said client. 

1 5 . (original) The method of claim 1 4, wherein said set of data includes a client identifier 
and a client password, wherein said step (e)(2) includes the step of: 

(i) verifying said client identifier and said client password correspond to said client. 

16. (original) The method of claim 14, wherein said authentication data is said primary 
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system client identifier. 

17. (original) The method of claim 16, wherein said primary system client identifier is 
expressed as F((CID|CPW),K), wherein: 

F((CID|CPW),K) is an encrypted value with (CID|CPW) being data encrypt using encryption 
function F and K being a key for encryption function F, wherein encryption key K and a 
corresponding decryption key for encryption function F are known to said primary system and not 
known to said intermediate system, 

CED is a client identifier corresponding to said client, and 

CPW is a client password corresponding to said client. 

18. (original) The method of claim 16, wherein said primary system client identifier is 
expressed as F((tt|CID|CPW),K), wherein: 

F((tt|CID|CPW),K) is an encrypted value with (tt|CE)|CPW) being data encrypted using 
encryption function F and K being a key for encryption function F, wherein encryption key K and a 
corresponding decryption key for encryption function F are known to said primary system and not 
known to said intermediate system, 

tt is a redundant telltale character string known to said primary system and not known to said 
intermediate system, 

CID is a client identifier corresponding to said client, and 

CPW is a client password corresponding to said client. 

1 9 . (currently amended) A processor readable storage medium having processor readable 

code embodied on said processor readable storage medium, said processor readable code for 

programming a processor to perform a method for providing a client with access to a primary system 

through an intermediate system, said method comprising the steps of: 

(a) creating a log-in record, wherein said log-in record includes an encrypted version 
of a primary system client identifier; 
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(b) said intermediate system receiving log-in data for said client; 

(c) authenticating access of said client to said intermediate system, based on data from 
said log-in data and data from said log-in record;[[ and]] 

(d) sending authentication data to said primary system, wherein said authentication data 
includes data from said primary system client identifier[[.]]iand 

(e) performing authentication on the primary system using the data from the said primary 
system client identifier. 

20. (original) The processor readable storage medium of claim 1 9, wherein said step (a) 
includes the step of: 

(1) encrypting said primary system client identifier. 

2 1 . (original) The processor readable storage medium of claim 1 9, wherein said step (c) 
includes the steps of: 

(1) identifying said log-in record as corresponding to said log-in data; and 

(2) decrypting said encrypted version of said primary system client identifier in said log- 
in record to obtain data for said authentication data. 

22. (original) The processor readable storage medium of claim 21, wherein said log-in 
data includes an intermediate system client identifier and a primary system identifier, wherein said 
step (c)(1) includes the step of: 

(i) identifying said log-in record as containing a first value corresponding to said 
intermediate system client identifier and a second value corresponding to said primary system 
identifier. 

23. (original) The processor readable storage medium of claim 21, wherein said step 
(c)(2) includes the steps of: 

(i) generating a key for decrypting said encrypted version of said primary system client 
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identifier, wherein said step (c)(2)(i) employs an intermediate system client password from said log- 
in data; and 

(ii) employing said key to decrypt said encrypted version of said primary system client 
identifier. 

24. (original) The processor readable storage medium of claim 23, wherein said step 
(c)(2)(i) includes the step of: 

hashing a combination of said intermediate system client password and at least one value 
stored in said intermediate system. 

25. (original) The processor readable storage medium of claim 19, wherein said 
encrypted version of said primary system client identifier is expressed as E((tt|CID|CPW), 
H(IKEY|ICP)), wherein: 

E((tt|CID|CPW), H(IKEY|ICP)) is an encrypted value with (tt|CED|CPW) being data 
encrypted using encryption function E and H(IKEY|ICP) being a key for encryption function E, 
(CED|CPW) is said primary system client identifier, 
tt is a redundant telltale character string, 

H(IKEY|ICP) is a hashed value resulting from hashing data value (IKEY|ICP) with hash 
function H, 

IKEY is an encryption key component stored on said intermediate system, 
ICP is as an encryption key component in said log-in data, 
CDD is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

26. (original) The processor readable storage medium of claim 19, wherein said 
encrypted version of said primary system client identifier is expressed as E((tt|F((CID|CPW), K)), 
H(IKEY|ICP)), wherein: 

E((tt|F((CID|CPW), K)), H(IKEY|ICP)) is an encrypted value with (tt|F((CID|CPW), K)) 
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being data encrypt using encryption function E and H(IKEY|ICP) being a key for encryption function 
E, 

F((CID|CPW),K) is said primary system client identifier, with F((CK)|CPW),K) being an 
encrypted value with (CED|CPW) being data encrypt using encryption function F and K being a key 
for encryption function F, wherein encryption key K and a corresponding decryption key for 
encryption function F are known to said primary system and not known to said intermediate system, 

tt is a redundant telltale character string, 

H(IKEY|ICP) is a hashed value resulting from hashing data value (IKEY|ICP) with hash 
function H, 

IKEY is an encryption key component stored on said intermediate system, 
ICP is as an encryption key component in said log-in data, 
CID is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

27. (original) The processor readable storage medium of claim 19, wherein said 
encrypted version of said primary system client identifier is expressed as E(F((tt|CID|CPW), K), 
H(IKEY|ICP)), wherein: 

E(F((tt|CK)|CPW), K), H(DCEY|ICP)) is an encrypted value with (F(tt|CID|CPW), K) being 
data encrypted using encryption function E and H(IKEY|ICP) being a key for encryption function E, 

F((tt|CID|CPW),K) is said primary system client identifier, with F((tt|CID|CPW),K) being an 
encrypted value with (tt|CID|CPW) being data encrypted using encryption function F and K being a 
key for encryption function F, wherein encryption key K and a corresponding decryption key for 
encryption function F are known to said primary system and not known to said intermediate system, 

tt is a redundant telltale character string known to said primary system and not known to said 
intermediate system, 

H(IKEY|ICP) is a hashed value resulting from hashing data value (IKEY|ICP) with hash 
function H, 

IKEY is an encryption key component stored on said intermediate system, 
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ICP is as an encryption key component in said log-in data, 
CE) is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

28. (original) The processor readable storage medium of claim 1 9, further including the 

step of: 

(e) said primary system authenticating access of said client to said primary system, based 
on said authentication data sent to said primary system in said step (e). 

29. (original) The processor readable storage medium of claim 28, wherein said step (e) 
includes the step of: 

( 1 ) said primary system determining whether at least one value from said authentication 
data corresponds to said client. 

30. (original) The processor readable storage medium of claim 29, wherein said 
authentication data includes a client identifier and a client password, wherein said step (c)(1) 
includes the step of: 

(i) verifying said client identifier and said client password correspond to said client. 

3 1 . (original) The processor readable storage medium of claim 28, wherein said step (e) 
includes the steps of: 

(1) decrypting said authentication data to obtain a set of data; and 

(2) determining whether at least one value from said set of data corresponds to said client. 

32. (original) The processor readable storage medium of claim 31, wherein said set of 
data includes a client identifier and a client password, wherein said step (e)(2) includes the step of: 

(i) verifying said client identifier and said client password correspond to said client. 
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33. (original) The processor readable storage medium of claim 31, wherein said 
authentication data is said primary system client identifier. 

34. (original) The processor readable storage medium of claim 3 3 , wherein said primary 
system client identifier is expressed as F((CID|CPW),K), wherein: 

F((CED|CPW),K) is an encrypted value with (CID|CPW) being data encrypt using encryption 
function F and K being a key for encryption function F, wherein encryption key K and a 
corresponding decryption key for encryption function F are known to said primary system and not 
known to said intermediate system, 

CID is a client identifier corresponding to said client, and 

CPW is a client password corresponding to said client. 

3 5 . (original) The processor readable storage medium of claim 3 3 , wherein said primary 
system client identifier is expressed as F((tt|CID|CPW),K), wherein: 

F((tt|CID|CPW),K) is an encrypted value with (tt|CID|CPW) being data encrypted using 
encryption function F and K being a key for encryption function F, wherein encryption key K and a 
corresponding decryption key for encryption function F are known to said primary system and not 
known to said intermediate system, 

tt is a redundant telltale character string known to said primary system and not known to said 
intermediate system, 

CID is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

3 6 . (currently amended) An apparatus providing a client with access to a primary system 
through an intermediate system, said apparatus comprising: 
a processor; and 

a processor readable storage medium, in communication with said processor, said processor 
readable storage medium storing code for programming said processor to perform a method 
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including the steps of: 

(a) creating a log-in record, wherein said log-in record includes an encrypted version 
of a primary system client identifier; 

(b) said intermediate system receiving log-in data for said client; 

(c) authenticating access of said client to said intermediate system, based on data from 
said log-in data and data from said log-in record;[[ and]] 

(d) sending authentication data to said primary system, wherein said authentication data 
includes data from said primary system client identifierff.il ; an d 

(e) performing authentication on the primary system using the data from the said primary 
system client identifier. 

37. (original) The apparatus of claim 36, wherein said step (a) includes the step of: 
(1) encrypting said primary system client identifier. 

38. (original) The apparatus of claim 36, wherein said step (c) includes the steps of: 

(1) identifying said log-in record as corresponding to said log-in data; and 

(2) decrypting said encrypted version of said primary system client identifier in said log- 
in record to obtain data for said authentication data. 

39. (original) The apparatus of claim 38, wherein said step (c)(2) includes the steps of: 

(i) generating a key for decrypting said encrypted version of said primary system client 
identifier, wherein said step (c)(2)(i) employs an intermediate system client password from said log- 
in data; and 

(ii) employing said key to decrypt said encrypted version of said primary system client 
identifier. 

40. (original) The apparatus of claim 39, wherein said step (c)(2)(i) includes the step of: 
hashing a combination of said intermediate system client password and at least one value 



Attorney Docket No.: FUSN1-01300US1 
fusn 1/13 OOus 1 / 1 300us 1 .response-00 1 



- 12- 



stored in said intermediate system. 

4 1 . (original) The apparatus of claim 36, wherein said encrypted version of said primary 
system client identifier is expressed as E((tt|CID|CPW), H(KEY|ICP)), wherein: 

E((tt|CID|CPW), H(KEY|ICP)) is an encrypted value with (tt|CID|CPW) being data 
encrypted using encryption function E and H(IKEY|ICP) being a key for encryption function E, 
(CH)|CPW) is said primary system client identifier, 
tt is a redundant telltale character string, 

H(DCEY|ICP) is a hashed value resulting from hashing data value (IKEY|ICP) with hash 
function H, 

IKEY is an encryption key component stored on said intermediate system, 
ICP is as an encryption key component in said log-in data, 
CID is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

42. (original) The apparatus of claim 36, wherein said encrypted version of said primary 
system client identifier is expressed as E((tt|F((CE)|CPW), K)), H(IKEY|ICP)), wherein: 

E((tt|F((CID|CPW), K)), H(IKEY|ICP)) is an encrypted value with (tt|F((CID|CPW), K)) 
being data encrypt using encryption function E and H(IKEY|ICP) being a key for encryption function 
E, 

F((CID|CPW),K) is said primary system client identifier, with F((CID|CPW),K) being an 
encrypted value with (CE)|CPW) being data encrypt using encryption function F and K being a key 
for encryption function F, wherein encryption key K and a corresponding decryption key for 
encryption function F are known to said primary system and not known to said intermediate system, 

tt is a redundant telltale character string, 

H(IKEY|ICP) is a hashed value resulting from hashing data value (IKEY|ICP) with hash 
function H, 

IKEY is an encryption key component stored on said intermediate system, 



Attorney Docket No.: FUSN1-01300US1 
fusn 1 / 1 300us 1 / 1 300us 1 . response-00 1 



- 13- 



ICP is as an encryption key component in said log-in data, 
CED is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 

43 . (original) The apparatus of claim 36, wherein said encrypted version of said primary 
system client identifier is expressed as E(F((tt|CID|CPW), K), H(IKEY|ICP)), wherein: 

E(F((tt|CID|CPW), K), H(KEY|ICP)) is an encrypted value with (F(tt|CID|CPW), K) being 
data encrypted using encryption function E and H(IKEY|ICP) being a key for encryption function E, 

F((tt|CID|CPW),K) is said primary system client identifier, with F((tt|CID|CPW),K) being an 
encrypted value with (tt|CH)|CPW) being data encrypted using encryption function F and K being a 
key for encryption function F, wherein encryption key K and a corresponding decryption key for 
encryption function F are known to said primary system and not known to said intermediate system, 

tt is a redundant telltale character string known to said primary system and not known to said 
intermediate system, 

H(IKEY|ICP) is a hashed value resulting from hashing data value (IKEYjlCP) with hash 
function H, 

IKEY is an encryption key component stored on said intermediate system, 
ICP is as an encryption key component in said log-in data, 
CID is a client identifier corresponding to said client, and 
CPW is a client password corresponding to said client. 
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